The quiet threat: Cyber spies are already in your systems

Bob Violino
July 28, 2010

Special report: Electronic espionage from China and others could be stealing your vital product and business information right now

SAN FRANCISCO, 27 JULY 2010 - Is your company's data under surveillance by foreign spybots looking for any competitive advantages or weaknesses they can exploit? This might sound farfetched, but such electronic espionage is real. It's an insidious security threat that's a lot more common than you probably realize.

As an IT or security executive, determining whether your organization is under attack via this seemingly undetectable threat -- and putting in place adequate technology and procedural safeguards -- should be a high priority. The stakes are too high to ignore the problem.

Security experts believe that a growing number of companies are being spied upon electronically by sources from other countries, most notably China. What makes these attacks so troublesome is that their techniques are often undetectable by the usual security tools. Electronic spies try to get into systems without causing disruptions, so they can quietly gather information over a period of time.

These types of threats are much harder to deal with than untargeted attacks because they never become widespread enough for security vendors to observe reliably. As a result, security software and other tools that detect known attacks don't identify these threats. Also, an attack that's aimed at a particular target can be designed to get around whatever combination of defenses is in place. And the people who launch electronic spying attacks go to great lengths to prevent the targets from detecting the threat.

Although the problem is largely hidden, it is real and serious. In this special report, InfoWorld.com answers the key questions on who's spying, what they're looking for, and what you can do to protect yourself.

How common is e-spying?

Observers say electronic spying is becoming more common. Neil MacDonald, a vice president at research firm Gartner who covers computer security, maintains that as many as 75 percent of enterprises have been or are being infected with undetected, financially motivated, targeted attacks that evaded their traditional perimeter and host defenses.

"Any government or commercial organization with sensitive information is being targeted," MacDonald says. The highly publicized attack on Google's network, in which the company was a target of what it called a highly sophisticated and coordinated assault originating from China, was just the beginning. MacDonald says multiple Gartner clients have reported being attacked during the same timeframe via similar methods. InfoWorld's editors have learned of repeated attacks at major companies, described in several off-the-record conversations.

Others say it's hard to determine how widespread this type of activity is because the attacks are so difficult to identify and track.

"While we know it's a serious problem, the secrecy of these kinds of attacks makes it impossible to know how common they are," says Paul Kocher, the chief scientist at Cryptography Research, a security consultancy. Spying organizations consider any effort that gets detected by the victim to be a massive failure, so the only information available relates to attacks that failed, Kocher says.